Anatomy of an Environment

In the simplest sense, environments consist of a node or set of nodes and provide an isolated domain for executing transactions and maintaining state. The architecture supports cross-linking of AWS cloud accounts and Kaleido accounts, and offers the capability for integration of existing applications and workloads via the Kaleido API, AWS Integrations and .

Infrastructure and management tier

The Kaleido API exposes methods for all CRUD operations, allowing any administrative resource management to take place outside of the user interface. Organizations can build internal consoles for admin operations, leverage the Kaleido CLI tool or call the APIs directly via common REST methods. As a result, custom scripts and workflows can be implemented for member onboarding, environment creation, credential cycling, etc.

Environments are underpinned by an infrastructure layer that hosts an elastic file system (EFS) capable of on-demand scaling relative to the data storage needs of the node. For DevOps-centric tasks such as log analysis and event streaming, the Kaleido /logs API can be leveraged.

Data tier

The Kaleido platform also surfaces a block explorer within each environment, made possible through the presence of a “system monitor” node. The explorer supports granular block inspection and source code verification, and offers a full lifecycle view of each chain. Organizations can leverage the explorer to extract patterns on commonly called contracts, transaction rates, etc.

The explorer interface is accessible through the standard console, with block data and metrics exposed directly in the browser. Alternatively, privileged users can elect to call common ledger APIs (e.g. /contracts) to return specified subsets of information. Extracted blockchain data can be injected into one or more of an organization’s existing analytics services, such as a data warehouse.

Application tier

Applications typically leverage an Ethereum-compatible client library (e.g. Web3.js) to send properly formatted JSON-RPC calls to the blockchain network. The Kaleido platform enforces basic access authentication when targeting a node, and accepts connections over HTTP or WebSocket protocols. The mandated application credentials are obtainable through one of the admin resource management approaches or through the standard UI.
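The following added example, which is not part of the original page or Kaleido's own code, builds a JSON-RPC request that carries basic access authentication for a node endpoint. The endpoint host, the credential values and the function names are assumptions; the code refuses non-TLS schemes because Basic credentials are only base64-encoded, not encrypted.

```javascript
// Added example: authenticated JSON-RPC request for a node endpoint.
// Function names, host and credentials are illustrative assumptions.

const TLS_SCHEMES = new Set(["https:", "wss:"]);

function basicAuthHeader(username, password) {
  // RFC 7617: the user-id cannot contain ':' because it delimits the password.
  if (username.includes(":")) {
    throw new Error("username must not contain ':'");
  }
  const token = Buffer.from(`${username}:${password}`, "utf8").toString("base64");
  return `Basic ${token}`;
}

function buildRpcRequest(endpoint, creds, method, params = [], id = 1) {
  const url = new URL(endpoint);
  // Base64 is an encoding, not encryption: only send the header over TLS.
  if (!TLS_SCHEMES.has(url.protocol)) {
    throw new Error(`refusing non-TLS endpoint scheme ${url.protocol}`);
  }
  // Credentials in URL userinfo end up in logs and proxy records.
  if (url.username || url.password) {
    throw new Error("credentials must not be embedded in the endpoint URL");
  }
  return {
    url: url.toString(),
    // For wss these headers belong on the WebSocket upgrade request.
    headers: {
      "Content-Type": "application/json",
      Authorization: basicAuthHeader(creds.username, creds.password),
    },
    body: JSON.stringify({ jsonrpc: "2.0", id, method, params }),
  };
}

function redactForLog(request) {
  // Return a copy that is safe to log; the original request is untouched.
  return {
    ...request,
    headers: { ...request.headers, Authorization: "Basic [redacted]" },
  };
}

// Constructed sample values; node.example.invalid is a placeholder host.
const sample = buildRpcRequest(
  "https://node.example.invalid",
  { username: "Aladdin", password: "open sesame" },
  "eth_blockNumber"
);
console.log(redactForLog(sample));
```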

Apps can run alongside existing workloads in an EC2 instance, allowing for the integration of hardened business processes and data repositories with the blockchain. Rather than completely rearchitect legacy applications with Ethereum-compatible client libraries, Kaleido offers an Eth-Connect bridge for simplified transaction submission. Eth-Connect is a messaging tier underpinned by Kafka that abstracts the JSON-RPC API and allows transactions to be modeled as simple JSON objects. Transactions can be submitted via a webhook endpoint or directly to Kafka brokers if an application requires exactly-once delivery. As with basic node connections, calls to webhook endpoints and/or Kafka are protected with application credentials.

Platform interface

Transactions on the Kaleido platform are confined to the environment within which they occur. Moreover, when using the Quorum client’s privateFor parameter, transactions can be further isolated to a selected subset of participants. While this level of privacy and permissioning is important for many use cases, it needs to be accompanied by mechanisms that protect against malicious behavior and ensure data finality. To accommodate these requirements, the Kaleido platform exposes a “tethering” interface with the Ethereum main net, where state snapshots are signed collectively by the nodes in an environment and proxied to the public network. This provides an immutable source of truth in the event of node tampering or attempted state manipulation. To learn more about Kaleido’s main net tethering implementation, please see the paper on Enhanced Immutability of Permissioned Blockchain Networks.